
Creating IAM Users & Enabling MFA

Secure your AWS environment by moving away from the Root user. This guide provides a practical walkthrough for creating IAM users and enforcing Multi-Factor Authentication (MFA).


🏗️ Step 1: Create an Admin IAM User

  1. Log in to the AWS Management Console as the Root User.
  2. Search for IAM in the top search bar.
  3. In the sidebar, click Users and then click Create user.
  4. User details:
    • User name: e.g., admin-jane.
    • Select Provide user access to the AWS Management Console.
  5. Console access:
    • Select I want to create an IAM user.
    • Set a Custom password.
    • Recommended: Check "User must create a new password at next sign-in".
  6. Set permissions:
    • Select Add user to group.
    • Create a group named Admins and attach the AdministratorAccess policy to it.
  7. Review and create: Click Create user.
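
The same Step 1 result can be produced through the IAM API instead of the console. The script below is an added example using boto3, not code from the original guide; it assumes boto3 is installed and, when run with `--apply`, that the process holds credentials allowed to manage IAM (the root user during bootstrap, as in the guide). `RecordingIAM` is a constructed stand-in for the boto3 client that records the calls so the sequence can be reviewed offline first.

```python
"""Step 1 via the IAM API (boto3) instead of the console.

Added example, not code from the original guide. Assumes boto3 is installed and
that the process runs with credentials able to manage IAM (the root user during
bootstrap, as in the guide). RecordingIAM is a constructed stand-in that logs the
calls so the sequence can be reviewed offline before running it for real.
"""
import secrets
import string

# AWS-managed policy the guide attaches to the Admins group.
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
SYMBOLS = "!@#$%^&*()-_=+"


def generate_temp_password(length=20):
    """One-time password with lower, upper, digit and symbol present, so it
    passes any reasonable account password policy. The user replaces it at
    first sign-in because the login profile sets PasswordResetRequired=True."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        classes = (any(c.islower() for c in candidate),
                   any(c.isupper() for c in candidate),
                   any(c.isdigit() for c in candidate),
                   any(c in SYMBOLS for c in candidate))
        if all(classes):
            return candidate


def provision_admin_user(iam, user_name, group_name="Admins", password=None):
    """Create the Admins group, attach AdministratorAccess, create the user with
    a console login profile, and add the user to the group. Returns the
    temporary password. Safe to re-run: an existing group or user is reused."""
    password = password or generate_temp_password()
    for create, kwargs in ((iam.create_group, {"GroupName": group_name}),
                           (iam.create_user, {"UserName": user_name})):
        try:
            create(**kwargs)
        except iam.exceptions.EntityAlreadyExistsException:
            pass  # already exists; the attach/add calls below are idempotent
    iam.attach_group_policy(GroupName=group_name, PolicyArn=ADMIN_POLICY_ARN)
    # "User must create a new password at next sign-in" from the guide.
    iam.create_login_profile(UserName=user_name, Password=password,
                             PasswordResetRequired=True)
    iam.add_user_to_group(GroupName=group_name, UserName=user_name)
    return password


class RecordingIAM:
    """Constructed stand-in for boto3's IAM client: records calls, makes none."""

    class exceptions:  # mirrors boto3's client.exceptions namespace
        class EntityAlreadyExistsException(Exception):
            pass

    def __init__(self):
        self.calls = []

    def __getattr__(self, api_name):
        def record(**kwargs):
            self.calls.append((api_name, kwargs))
            return {}
        return record


if __name__ == "__main__":
    import sys
    positional = [a for a in sys.argv[1:] if not a.startswith("--")]
    user = positional[0] if positional else "admin-jane"
    if "--apply" in sys.argv:
        import boto3
        client = boto3.client("iam")
    else:
        client = RecordingIAM()
    temp_password = provision_admin_user(client, user)
    if isinstance(client, RecordingIAM):
        for api_name, kwargs in client.calls:  # dry run: show the plan, hide the password
            print(api_name, {k: ("***" if k == "Password" else v) for k, v in kwargs.items()})
    else:
        print(f"Created {user}; temporary password (must be changed at first sign-in): {temp_password}")
```

Run it without arguments to see the five API calls it would make; add `--apply` to execute them against the account. The password is generated with `secrets` rather than `random`, and the temporary value should be handed to the user out of band.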

🔐 Step 2: Enable Multi-Factor Authentication (MFA)

MFA is the most critical security setting for your account. In addition to the password, signing in then requires a one-time code from an authenticator app on your phone or a tap on a hardware security key.

  1. In the IAM dashboard, click on your username in the top-right and select Security credentials.
  2. Scroll to the Multi-factor authentication (MFA) section and click Assign MFA device.
  3. MFA device name: e.g., JanesPhone.
  4. Select MFA device type:
    • Authenticator app: (Recommended) Use Google Authenticator or Authy.
    • Security Key: e.g., YubiKey.
  5. Set up device:
    • Scan the QR code with your app.
    • Enter two consecutive codes from your app into the boxes.
  6. Click Add MFA.
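
What the authenticator app does with the secret in the QR code, and why the console asks for two consecutive codes, is shown by the added example below (RFC 6238 TOTP with only the standard library); it is not code from the original guide. The seed used is the RFC 6238 test vector, constructed for demonstration; a real seed comes from the `otpauth://` URI in the QR code and must never be logged or shared.

```python
"""TOTP as an authenticator app computes it (RFC 6238: HMAC-SHA1, 6 digits, 30 s).

Added example, not from the original guide. Uses only the standard library.
The seed used in main() is the RFC 6238 test vector, constructed for
demonstration; a real seed comes from the otpauth:// URI in the QR code.
"""
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30
DIGITS = 6


def secret_from_base32(base32_secret):
    """The QR code's otpauth URI carries `secret=` as unpadded base32."""
    s = base32_secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def totp(seed, unix_time, step=STEP_SECONDS, digits=DIGITS):
    """HMAC-SHA1 over the big-endian time-step counter, dynamically truncated."""
    counter = int(unix_time) // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def two_consecutive_codes(seed, unix_time, step=STEP_SECONDS):
    """The pair the console asks for: the current window and the next one.
    Two adjacent windows show the device holds the seed and its clock is
    aligned, rather than one code having been copied or guessed."""
    window_start = (int(unix_time) // step) * step
    return totp(seed, window_start, step), totp(seed, window_start + step, step)


def verify(seed, submitted, unix_time, step=STEP_SECONDS, skew_windows=1):
    """Server-side check allowing +/- skew_windows of clock drift, using a
    constant-time comparison so timing does not leak partial matches."""
    for k in range(-skew_windows, skew_windows + 1):
        if hmac.compare_digest(totp(seed, unix_time + k * step, step), submitted):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 test-vector seed (constructed, not a real account secret).
    seed = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # b"12345678901234567890"
    first, second = two_consecutive_codes(seed, time.time())
    print(f"code for this window: {first}, next window: {second}")
```

The 30-second windows are why the second code only becomes available after the first one expires; if the two codes you enter are rejected, the phone's clock is usually the cause, since the server side tolerates only a small skew.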

🚀 Step 3: Secure Your Login Portal

Instead of typing your 12-digit Account ID on the sign-in page, you can create a custom account alias and use it in the login URL.

  1. Go to the IAM Dashboard.
  2. On the right side, under AWS Account, look for Account Alias.
  3. Click Create and enter a unique name (e.g., my-devops-lab).
  4. Your new login URL will be: https://my-devops-lab.signin.aws.amazon.com/console.

✅ Step 4: The Final Handover

  1. Log out of the Root User account.
  2. Log in using your new IAM User at your custom login URL.
  3. Verification: Ensure you can access services and see the "IAM" dashboard.
  4. Conclusion: Now, lock your Root User credentials in a safe place and only use them for billing or account-level changes.

Important: Checklist for Production

  • Root user password is long and complex.
  • MFA is enabled for Root.
  • MFA is enabled for your Admin IAM user.
  • No active Access Keys exist for the Root user.
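
Three of the four checklist items can be verified from the IAM credential report rather than by clicking through the console. The script below is an added example, not from the original guide; it runs offline against `SAMPLE_REPORT`, a constructed and trimmed report (the real report has more columns, which `csv.DictReader` ignores), and fetches the live report with boto3 only when `--live` is passed. The root password length cannot be read from the report, so that item stays a manual check.

```python
"""Audit the production checklist from the IAM credential report.

Added example, not from the original guide. Offline it audits SAMPLE_REPORT,
a constructed, trimmed report; with --live it assumes boto3 is installed and
the caller has iam:GenerateCredentialReport and iam:GetCredentialReport.
"""
import csv
import io

ROOT = "<root_account>"  # how the credential report names the root user

# Constructed sample. Column names and value spellings match the real report.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,true,false
admin-jane,arn:aws:iam::111122223333:user/admin-jane,true,false,false,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,false
"""


def parse_report(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def audit(rows):
    """Return one finding per checklist violation; an empty list means every
    report-checkable item passes."""
    findings = []
    for row in rows:
        name = row["user"]
        # Root always has console access; for IAM users it is the password flag.
        console = name == ROOT or row["password_enabled"] == "true"
        keys = (row["access_key_1_active"] == "true"
                or row["access_key_2_active"] == "true")
        if console and row["mfa_active"] != "true":
            findings.append(f"{name}: console sign-in enabled but MFA is not active")
        if name == ROOT and keys:
            findings.append(f"{name}: an active access key exists; delete it")
    return findings


def fetch_live_report():
    """Generate and download the real report. boto3 returns the CSV as bytes."""
    import time
    import boto3
    iam = boto3.client("iam")
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    return iam.get_credential_report()["Content"].decode("utf-8")


if __name__ == "__main__":
    import sys
    text = fetch_live_report() if "--live" in sys.argv else SAMPLE_REPORT
    problems = audit(parse_report(text))
    for problem in problems:
        print("FAIL", problem)
    print("PASS: report-checkable items all clear" if not problems
          else f"{len(problems)} finding(s)")
    sys.exit(1 if problems else 0)
```

Against the sample the script reports two findings: the root user still has an active access key, and admin-jane has console access without MFA; the ci-deploy user is skipped because it has no console password. The non-zero exit status makes the check usable as a gate in a scheduled job.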